CN102404727A - Method and device for safety control of mobile terminal - Google Patents

Method and device for safety control of mobile terminal

Publication number
CN102404727A
Authority
CN
China
Prior art keywords
authority
control
application
reliability rating
control strategy
Legal status
Granted
Application number
CN2011103780656A
Other languages
Chinese (zh)
Other versions
CN102404727B (en
Inventor
雷明剑
王巍
徐立锋
古幼鹏
钟声
胡炜
Current Assignee
Hangzhou Doudou Network Co ltd
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201110378065.6A (CN102404727B)
Priority to PCT/CN2012/071201 (WO2013075412A1)
Publication of CN102404727A
Application granted
Publication of CN102404727B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16 Obfuscation or hiding, e.g. involving white box
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/66 Trust-dependent, e.g. using trust scores or trust relationships

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention provides a method and device for safety control of a mobile terminal. The method comprises the following steps: when an application is detected using a system privilege, acquiring the trust level to which the application belongs and the control privilege list for that trust level, wherein the control privilege list records the privileges that need to be controlled at that trust level; judging whether the system privilege is a privilege in the control privilege list; and, if the system privilege is not a privilege in the control privilege list, allowing the application to use the system privilege. Through the division into trust levels and the control privilege list, the invention realizes management and control of privilege use, solves the technical problem in the prior art that the secure operation of the mobile terminal cannot be guaranteed, and thereby achieves the technical effect of strengthening the security control capability of the mobile terminal system.

Description

Method and device for security control of a mobile terminal
Technical field
The present invention relates to the communications field, and in particular to a method and device for security control of a mobile terminal.
Background
With the development of communication technology, mobile terminals such as mobile phones have entered the smart era. On free, open smartphone platforms there are many application developers and the quality of their work is uneven, so security is difficult to guarantee. For example, an application developer can develop software, or modify software using its source code, to implant malicious code that performs malicious fee deduction, steals user privacy information, or leaks data through peripheral connections, which seriously threatens the security of the user's mobile terminal.
At present, the security control capability of mobile terminal systems is relatively weak. It can only ensure download stability and detect data integrity. It cannot effectively verify the source of mobile terminal application software, it lacks comprehensive testing and an effective authentication mechanism, and it cannot effectively manage and control security-threatening behavior that an application may exhibit after installation. The security of the mobile terminal therefore cannot be effectively guaranteed.
Specifically, taking the smartphone as an example, the security control capability of current smartphone systems has mainly the following shortcomings: 1) There is no effective support or means of verification for the trust level of mobile phone application software, yet the trust-level attribute of an application is precisely the basis for controlling privilege use, so the system cannot effectively classify, manage and control application privileges. 2) The default privilege control mechanism is relatively fixed and cannot be adjusted dynamically and flexibly according to the user's actual needs. 3) Because the platform is an open development platform, control over the privileges used by mobile phone applications is relatively loose: an application developer can obtain the vast majority of privileges merely by declaring them. This applies in particular to the management and control of sensitive privileges on the phone, for example: privileges involving user charges (including sending messages, making calls, accessing the internet, etc.), user privacy information privileges (including message records, contact records, call records, etc.), and local device connection privileges (including WIFI connection, Bluetooth connection, etc.).
In the related art, security control of mobile terminals such as mobile phones is relatively weak and lacks comprehensive testing and an effective authentication mechanism. No effective solution has yet been proposed for the problem that security-threatening behavior an application may exhibit after installation cannot be effectively managed and controlled.
Summary of the invention
To address the technical problem in the prior art that the safe operation of a mobile terminal cannot be guaranteed because security-threatening behavior an application may exhibit after installation cannot be effectively managed and controlled, the present invention provides a method and device for security control of a mobile terminal.
According to one aspect of the present invention, a method for security control of a mobile terminal is provided, comprising: when an application is detected using a system privilege, obtaining the trust level to which the application belongs and the control privilege list for that trust level, wherein the control privilege list records the privileges that need to be controlled at that trust level; judging whether the system privilege is a privilege in the control privilege list; and, if the system privilege is not a privilege in the control privilege list, allowing the application to use the system privilege.
Preferably, after judging whether the system privilege is a privilege in the control privilege list, the method further comprises: if the system privilege is a privilege in the control privilege list, judging whether an application control policy exists for the system privilege; and, if an application control policy exists for the system privilege, judging according to that application control policy whether to allow the application to use the system privilege.
Preferably, after judging whether an application control policy exists for the system privilege, the method further comprises: if no application control policy exists for the system privilege, receiving an application control policy input by the user; and judging, according to the application control policy input by the user, whether to allow the application to use the system privilege.
Preferably, before obtaining the trust level to which the application belongs and the control privilege list for that trust level, the method further comprises: loading a preset control policy configuration file from a designated system directory; parsing the control policy configuration file to obtain the control privilege list for each trust level; and recording the control privilege list for each trust level in in-memory data.
Preferably, before obtaining the trust level to which the application belongs and the control privilege list for that trust level, the method further comprises: when the system performs an application scan or installs the application, obtaining the signature information of the application; authenticating the signature information using a digital certificate preset in the system; if authentication succeeds, setting the trust level of the application to the trust level corresponding to the digital certificate; and, if authentication fails, setting the trust level of the application to the untrusted level.
Preferably, the privileges comprise at least one of: payment-class privileges, personal privacy information privileges, and device connection privileges.
According to another aspect of the present invention, a security control device for a mobile terminal is provided, comprising: a first acquiring unit, configured to obtain, when an application is detected using a system privilege, the trust level to which the application belongs and the control privilege list for that trust level, wherein the control privilege list records the privileges that need to be controlled at that trust level; a judging unit, configured to judge whether the system privilege is a privilege in the control privilege list; and a processing unit, configured to allow the application to use the system privilege when the system privilege is not a privilege in the control privilege list.
Preferably, the processing unit comprises: a judging module, configured to judge, when the system privilege is a privilege in the control privilege list, whether an application control policy exists for the system privilege; and a processing module, configured to judge, when an application control policy exists for the system privilege, whether to allow the application to use the system privilege according to that application control policy.
Preferably, the security control device of the mobile terminal further comprises: a loading unit, configured to load a preset control policy configuration file from a designated system directory; a parsing unit, configured to parse the control policy configuration file to obtain the control privilege list for each trust level; and a recording unit, configured to record the control privilege list for each trust level in in-memory data.
Preferably, the security control device of the mobile terminal further comprises: a second acquiring unit, configured to obtain the signature information of the application when an application scan is performed or the application is installed; an authentication unit, configured to authenticate the signature information using a digital certificate preset in the system; and a setting unit, configured to set the trust level of the application to the trust level corresponding to the digital certificate when authentication succeeds, and to set the trust level of the application to the untrusted level when authentication fails.
In the present invention, when an application is detected using a system privilege of the mobile terminal, dividing applications into trust levels and using control privilege lists realizes management and control of privilege use. This solves the technical problem in the prior art that the safe operation of a mobile terminal cannot be guaranteed, and achieves the technical effect of strengthening the security control capability of the mobile terminal system.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a preferred flowchart of the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 2 is a preferred structural diagram of the security control device for a mobile terminal according to an embodiment of the invention;
Fig. 3 is another preferred structural diagram of the security control device for a mobile terminal according to an embodiment of the invention;
Fig. 4 is a preferred schematic diagram of the principle of the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 5 is a preferred flowchart of application trust level authentication in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 6 is a preferred flowchart of the control policy in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 7 is a preferred flowchart of the application control policy in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 8 is a preferred processing flowchart of application privilege use control and management in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 9 is a preferred flowchart of generating the control policy for payment-class privileges in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 10 is a preferred processing flowchart of the use control and management of payment-class privileges in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 11 is a preferred processing flowchart of generating the control policy for personal privacy information privileges in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 12 is a preferred processing flowchart of the use control and management of personal privacy information privileges in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 13 is a preferred processing flowchart of generating the control policy for local connection privileges in the security control method for a mobile terminal according to an embodiment of the invention;
Fig. 14 is a preferred processing flowchart of the use control and management of local connection privileges in the security control method for a mobile terminal according to an embodiment of the invention.
Detailed description
The present invention is described in detail below with reference to the accompanying drawings and in combination with the embodiments. It should be noted that, provided there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other.
Embodiment 1
The present invention provides a preferred security control method for a mobile terminal. As shown in Fig. 1, the method comprises:
S102: when an application is detected using a system privilege, obtain the trust level to which the application belongs and the control privilege list for that trust level, wherein the control privilege list records the privileges that need to be controlled at that trust level.
S104: judge whether the system privilege is a privilege in the control privilege list.
S106: if the system privilege is not a privilege in the control privilege list, allow the application to use the system privilege.
In the above embodiment, when an application is detected using a system privilege, dividing applications into trust levels and using control privilege lists makes it possible to decide whether the application may use that system privilege according to the application's trust level and the privileges that need to be controlled at that level. This prevents an application from obtaining sensitive privileges on the mobile device through a simple declaration, solves the technical problem in the prior art that the safe operation of a mobile terminal cannot be guaranteed, and achieves the technical effect of strengthening the security control capability of the mobile terminal system.
In a preferred embodiment of the present invention, when the system boots and initializes, a preset control policy configuration file is loaded from a designated system directory, the control policy configuration file is parsed to obtain the control privilege list for each trust level, and the control privilege list for each trust level is recorded in in-memory data. Performing the load operation at boot initialization is only one example. The invention is not limited to it, and the load operation can also be performed at other times, for example each time applications are scanned. In this preferred embodiment, because the control privilege list for each trust level is stored in in-memory data, the fast read and write characteristics of memory allow the control privilege lists to be read and written quickly, which improves the execution speed of the security control method protected by the invention.
In another preferred embodiment of the present invention, a scheme for dividing trust levels is provided. Specifically, on the basis of the above preferred embodiments, the security control method further comprises: before obtaining the trust level to which the application belongs and the control privilege list for that trust level, obtaining the signature information of the application when the system performs an application scan or installs the application; and authenticating the signature information using a digital certificate preset in the system. If authentication succeeds, the trust level of the application is set to the trust level corresponding to the digital certificate; if authentication fails, the trust level of the application is set to the untrusted level. Preferably, the trust levels corresponding to digital certificates can include, but are not limited to: "manufacturer trust level", "operator trust level", "third-party partner manufacturer trust level", etc. In this embodiment, the trust level of an application is determined from the application's signature information and the digital certificates preset in the system. The trust level of the application therefore matches a digital certificate of the system, so applications can be divided into trust levels accurately and the security of the system is controlled effectively.
In another preferred embodiment of the present invention, when judging whether the system privilege is a privilege in the control privilege list, if the system privilege is a privilege in the control privilege list, it is further judged whether an application control policy exists for the system privilege. If an application control policy exists for the system privilege, whether to allow the application to use the system privilege is judged according to that application control policy. If no application control policy exists for the system privilege, an application control policy input by the user is received, and whether to allow the application to use the system privilege is judged according to the application control policy input by the user. In this preferred embodiment, when an application control policy exists for the system privilege, the existing policy is used to judge whether to allow the application to use the system privilege, with no additional interaction with the user to obtain a new policy, which saves operating steps and improves the efficiency of the security control method. In addition, when no application control policy exists for the system privilege, the user selects the current application control policy, which increases the flexibility of security control.
Preferably, the privilege choices available to the user include, but are not limited to: allow and deny. On the basis of the above embodiment, after the application control policy input by the user is received, the result of the user's choice for this privilege is converted into an application control policy for the system privilege, and the application control policy is saved in the system log.
In another preferred embodiment of the present invention, the privileges comprise at least one of: payment-class privileges, personal privacy information privileges, and device connection privileges. In this preferred embodiment, defining the privileges in this way allows the security control method protected by the invention to be applied to different scenarios.
Implementing the above preferred technical solutions makes it possible to classify the applications on a mobile terminal effectively by trust level and to control and manage privilege use according to that classification. This achieves customizable and dynamically adjustable control of privileges on the mobile terminal, effectively manages and controls security-threatening behavior that applications on the mobile terminal may exhibit, and ensures the security of the mobile terminal.
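The decision flow of steps S102 to S106 together with the preferred refinements (preset certificate to trust level, per-level control privilege list, stored application control policy, user prompt) can be modelled as below. This is an added example, not code from the patent: the JSON policy layout, privilege names, certificate fingerprints and fail-closed defaults are assumptions, and signature authentication is assumed to have been performed by the platform, which hands over the signer's fingerprint or None on failure.

```python
import json
from enum import Enum
from typing import Callable, Dict, FrozenSet, Optional, Tuple

UNTRUSTED = "untrusted"

# Constructed control policy configuration file. The JSON layout and the
# privilege names are assumptions; the patent only says that parsing the file
# yields one control privilege list per trust level.
SAMPLE_POLICY_FILE = """
{
  "manufacturer":        [],
  "operator":            ["payment.send_message"],
  "third_party_partner": ["payment.send_message", "privacy.read_contacts"],
  "untrusted":           ["payment.send_message", "privacy.read_contacts",
                          "connection.bluetooth"]
}
"""

# Constructed fingerprints of the system's preset certificates -> trust level.
PRESET_CERTS = {
    "fp-manufacturer-0001": "manufacturer",
    "fp-operator-0001": "operator",
}


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


def load_control_lists(text: str) -> Dict[str, FrozenSet[str]]:
    """Parse the policy file into an in-memory control list per trust level."""
    raw = json.loads(text)
    if UNTRUSTED not in raw:
        raise ValueError("policy must define a list for the untrusted level")
    lists = {}
    for level, privileges in raw.items():
        if not isinstance(privileges, list) or not all(
                isinstance(p, str) for p in privileges):
            raise ValueError(f"list for {level!r} must be a list of strings")
        lists[level] = frozenset(privileges)
    return lists


def assign_trust_level(signer_fingerprint: Optional[str]) -> str:
    """Authenticated signer -> its trust level; anything else is untrusted."""
    if signer_fingerprint is None:  # authentication failed
        return UNTRUSTED
    return PRESET_CERTS.get(signer_fingerprint, UNTRUSTED)


class PrivilegeController:
    def __init__(self, control_lists: Dict[str, FrozenSet[str]],
                 prompt_user: Callable[[str, str], Decision]):
        self.control_lists = control_lists
        self.prompt_user = prompt_user
        self.trust_levels: Dict[str, str] = {}
        # Application control policies; kept in memory here, whereas the
        # patent saves them in the system log.
        self.app_policies: Dict[Tuple[str, str], Decision] = {}

    def on_install_or_scan(self, app: str, fingerprint: Optional[str]) -> None:
        self.trust_levels[app] = assign_trust_level(fingerprint)

    def check(self, app: str, privilege: str) -> Decision:
        # Assumption: unknown apps and unknown levels fall back to the
        # untrusted control list, so a gap in the data fails closed.
        level = self.trust_levels.get(app, UNTRUSTED)
        controlled = self.control_lists.get(
            level, self.control_lists[UNTRUSTED])
        if privilege not in controlled:              # S104 / S106
            return Decision.ALLOW
        stored = self.app_policies.get((app, privilege))
        if stored is not None:                       # existing policy wins
            return stored
        choice = self.prompt_user(app, privilege)    # no policy: ask the user
        if choice is not Decision.ALLOW:             # bad answer means deny
            choice = Decision.DENY
        self.app_policies[(app, privilege)] = choice
        return choice


def demo():
    """Run constructed apps through the flow; return decisions and prompts."""
    prompts = []

    def deny_all(app: str, privilege: str) -> Decision:
        prompts.append((app, privilege))
        return Decision.DENY

    ctl = PrivilegeController(load_control_lists(SAMPLE_POLICY_FILE), deny_all)
    ctl.on_install_or_scan("dialer", "fp-manufacturer-0001")
    ctl.on_install_or_scan("carrier_portal", "fp-operator-0001")
    ctl.on_install_or_scan("flashlight", None)
    results = [
        ctl.check("dialer", "payment.send_message"),
        ctl.check("carrier_portal", "privacy.read_contacts"),
        ctl.check("carrier_portal", "payment.send_message"),
        ctl.check("flashlight", "payment.send_message"),
        ctl.check("flashlight", "payment.send_message"),
    ]
    return results, prompts


if __name__ == "__main__":
    print(demo())
```

The second `flashlight` check is answered from the stored application control policy without prompting, which also means a single user choice governs every later use of that privilege until the policy is updated.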
Embodiment 2
The present invention provides a preferred security control device for a mobile terminal. As shown in Fig. 2, the device comprises: a first acquiring unit 202, configured to obtain, when an application is detected using a system privilege, the trust level to which the application belongs and the control privilege list for that trust level, wherein the control privilege list records the privileges that need to be controlled at that trust level; a judging unit 204, configured to judge whether the system privilege is a privilege in the control privilege list; and a processing unit 206, configured to allow the application to use the system privilege when the system privilege is not a privilege in the control privilege list.
In the above embodiment, when an application is detected using a system privilege, dividing applications into trust levels and using control privilege lists makes it possible to decide whether the application may use that system privilege according to the application's trust level and the privileges that need to be controlled at that level. This prevents an application from obtaining sensitive privileges on the mobile device through a simple declaration, solves the technical problem in the prior art that the safe operation of a mobile terminal cannot be guaranteed, and achieves the technical effect of strengthening the security control capability of the mobile terminal system.
In a preferred embodiment of the present invention, as shown in Fig. 3, the security control device of the mobile terminal further comprises: a loading unit 308, a parsing unit 310 and a recording unit 312. When the system boots and initializes, the loading unit 308 loads a preset control policy configuration file from a designated system directory, the parsing unit 310 parses the control policy configuration file to obtain the control privilege list for each trust level, and the recording unit 312 records the control privilege list for each trust level in in-memory data. Having the loading unit 308 perform the load operation at boot initialization is only one example. The invention is not limited to it, and the load operation can also be performed at other times, for example each time applications are scanned. In this preferred embodiment, because the control privilege list for each trust level is stored in in-memory data, the fast read and write characteristics of memory allow the control privilege lists to be read and written quickly, which improves the execution speed of the security control method protected by the invention.
In another preferred embodiment of the present invention, a scheme for dividing trust levels is provided. As shown in Fig. 3, on the basis of the above preferred embodiments, the security control device of the mobile terminal further comprises: a second acquiring unit 314, configured to obtain the signature information of the application when an application scan is performed or the application is installed, before the trust level to which the application belongs and the control privilege list for that trust level are obtained; an authentication unit 316, configured to authenticate the signature information using a digital certificate preset in the system; and a setting unit 318, configured to set the trust level of the application to the trust level corresponding to the digital certificate when authentication succeeds, and to set the trust level of the application to the untrusted level when authentication fails. Preferably, the trust levels corresponding to digital certificates can include, but are not limited to: "manufacturer trust level", "operator trust level", "third-party partner manufacturer trust level", etc. In this embodiment, the trust level of an application is determined from the application's signature information and the digital certificates preset in the system. The trust level of the application therefore matches a digital certificate of the system, so applications can be divided into trust levels accurately and the security of the system is controlled effectively.
In another preferred embodiment of the present invention, as shown in Fig. 3, the processing unit 206 comprises: a judging module 3062, configured to judge, when the system privilege is a privilege in the control privilege list, whether an application control policy exists for the system privilege; and a processing module 3064, configured to judge, when an application control policy exists for the system privilege, whether to allow the application to use the system privilege according to that application control policy. In this preferred embodiment, when an application control policy exists for the system privilege, the existing policy is used to judge whether to allow the application to use the system privilege, with no additional interaction with the user to obtain a new policy, which saves operating steps and improves the efficiency of the security control method. In addition, when no application control policy exists for the system privilege, the user selects the current application control policy, which increases the flexibility of security control.
Preferably, the privilege choices available to the user include, but are not limited to: allow and deny. On the basis of the above embodiment, after the application control policy input by the user is received, the result of the user's choice for this privilege is converted into an application control policy for the system privilege, and the application control policy is saved in the system log.
In another preferred embodiment of the present invention, the privileges comprise at least one of: payment-class privileges, personal privacy information privileges, and device connection privileges. In this preferred embodiment, defining the privileges in this way allows the security control method protected by the invention to be applied to different scenarios.
Implementing the above preferred technical solutions makes it possible to classify the applications on a mobile terminal effectively by trust level and to control and manage privilege use according to that classification. This achieves customizable and dynamically adjustable control of privileges on the mobile terminal, effectively manages and controls security-threatening behavior that applications on the mobile terminal may exhibit, and ensures the security of the mobile terminal.
Embodiment 3
For technical scheme of the present invention better is described, the present invention is that example comes further the present invention to be made an explanation with the mobile phone safety control system, but it should be noted that; Mobile phone is a kind of preferred embodiment as portable terminal; The preferred embodiment just limits the present invention in order better to describe the present invention, not constitute improperly, as; It can also be PDA portable terminals such as (Persoal Digital Assistant, palmtop PCs).
Fig. 4 is a kind of preferred principle schematic of the method for controlling security of embodiment of the invention portable terminal, can at first load and resolve the control strategy configuration file that presets during system initialization, generates the control authority strategy according to the result who resolves then.System boot scanning preset use and carry out that the third party uses download and install the time; The reliability rating authentication module (for example; Authentication ' unit 316 among Fig. 3) can accomplish authentication processing to the application reliability rating, and the affiliated reliability rating attribute that is applied thus.When monitoring application use mobile phone sensitivity authority; The handling process of meeting access entitlements use and management module; Said authority use and management module is through working final management and the controlled function that authority is used of accomplishing with reliability rating authentication module and authority usage policy module cooperative.
In this embodiment, the working steps of the mobile phone security control system are as shown in Fig. 4 and specifically comprise:
S402: the trust level authentication module authenticates the application's trust level, which yields the application's trust level attribute.
Preferably, the trust level authentication module authenticates an application's trust level when the application is first scanned at boot or when the application is installed, which yields the application's trust level attribute.
S404: the permission use management module detects whether an application uses a sensitive phone permission.
Preferably, when the permission use management module detects an application using a sensitive phone permission, for example a permission that incurs user charges (sending messages, making calls, accessing the network, etc.), a user private information permission (message records, contact records, call records, etc.) or a local connection permission of the phone (Wi-Fi connection, Bluetooth connection, etc.), processing enters the permission use management module for management.
S406: the permission use management module obtains the application's trust level attribute from the trust level authentication module.
S408: according to the application's trust level attribute, the permission use management module obtains from the permission usage policy module the specific policy for controlling this application permission, and performs permission management.
S410: according to the specific control policy obtained, a response is made to the application's use of the permission.
Preferably, the response to the application's use of the permission includes, but is not limited to, any one of the following: 1) accept directly; 2) reject directly; 3) prompt the user.
When the response is to prompt the user, the corresponding application control can be dynamically saved and updated according to the user's permission choice.
Embodiment 4
To better illustrate the technical solution of the present invention, it is explained further below using a mobile phone security control system as an example. Note that the mobile phone is only one preferred embodiment of a mobile terminal; the preferred embodiment is given merely to better describe the present invention and does not unduly limit it.
At system initialization, the preset control policy configuration file is first loaded and parsed, and the permission control policy is then generated from the parsing result. When the system scans preset applications at boot, and when a third-party application is downloaded and installed, the application's trust level is authenticated, which yields the trust level attribute to which the application belongs. When an application is detected using a sensitive phone permission, processing enters the permission use management module, which works together with the trust level authentication module and the permission usage policy module to carry out the final management and control of permission use.
Preferably, Fig. 5 is a flow chart of application trust level authentication according to a preferred embodiment of the present invention, which specifically comprises the following steps:
Step S502: during application scanning at boot, or when a new application is installed, decompress the application package and parse the application package information.
Step S504: according to the result of the package parsing in step S502, extract and record the application's signature information data.
Step S506: authenticate the application signature information obtained in step S504 against the public key files of the digital certificates preset on the phone; if authentication passes, go to step S508, otherwise go to step S510.
Step S508: assign the trust level that corresponds to the digital certificate with which authentication passed. Preferably, the trust levels include "manufacturer trust level", "operator trust level", "third-party partner trust level" and so on. Then go to step S512.
Step S510: if authentication of the application signature fails against all digital certificates preset on the phone, assign this application the "untrusted level".
Step S512: record the trust level obtained by authentication in the attribute configuration file corresponding to the application, where it is treated as a permanent attribute of the application.
Steps S502 to S512 above provide support for, and verification of, the trust level of phone application software, so that different applications carry different trust level attributes and application permissions can be effectively classified, managed and controlled.
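The trust level authentication of steps S506 to S512, as an added example that is not code from the patent: the application's signature is checked against each preset certificate in turn, the first one that verifies decides the level, and the untrusted level is the fallback. Textbook RSA over small constructed keys stands in for the real signature scheme so the sketch runs with the standard library only; `PresetCert`, `authenticate_trust_level`, the level strings and the keys are all assumptions.

```python
import hashlib
from dataclasses import dataclass

UNTRUSTED = "untrusted"   # level assigned when no preset certificate verifies (S510)
E = 65537                 # public exponent shared by the constructed keys


@dataclass(frozen=True)
class PresetCert:
    """A preset certificate reduced to what the flow needs: public key + level."""
    trust_level: str
    n: int        # RSA modulus
    e: int = E    # RSA public exponent


def _digest_as_int(package: bytes, n: int) -> int:
    # Toy encoding: SHA-256 of the package reduced mod n. A real device would
    # use a vetted scheme (for example RSA-PSS or ECDSA) from its crypto library.
    return int.from_bytes(hashlib.sha256(package).digest(), "big") % n


def toy_keypair(p: int, q: int):
    """Build (n, d) from two primes; used only to construct the sample data."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def toy_sign(package: bytes, n: int, d: int) -> int:
    """Signer side, present only so the sample signatures can be constructed."""
    return pow(_digest_as_int(package, n), d, n)


def signature_verifies(package: bytes, signature: int, cert: PresetCert) -> bool:
    if not 0 < signature < cert.n:
        return False
    return pow(signature, cert.e, cert.n) == _digest_as_int(package, cert.n)


def authenticate_trust_level(package, signature, preset_certs) -> str:
    """S506-S510: the first preset certificate that verifies decides the level."""
    if signature is None:              # unsigned package: nothing can verify
        return UNTRUSTED
    for cert in preset_certs:
        if signature_verifies(package, signature, cert):
            return cert.trust_level    # S508
    return UNTRUSTED                   # S510: every preset certificate failed


def record_trust_level(attributes: dict, app_id: str, level: str) -> None:
    """S512: keep the level as a standing attribute of the application."""
    attributes.setdefault(app_id, {})["trust_level"] = level


# Constructed sample keys built from Mersenne primes: far too small and too
# structured for real use, chosen only so the example is deterministic.
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
MANUFACTURER_KEY = toy_keypair(M127, M107)
OPERATOR_KEY = toy_keypair(M127, M89)
PARTNER_KEY = toy_keypair(M107, M89)
UNKNOWN_KEY = toy_keypair(M127, M61)   # signer with no preset certificate

PRESET_CERTS = [
    PresetCert("manufacturer", MANUFACTURER_KEY[0]),
    PresetCert("operator", OPERATOR_KEY[0]),
    PresetCert("third_party_partner", PARTNER_KEY[0]),
]

if __name__ == "__main__":
    pkg = b"constructed application package bytes"
    attrs = {}
    level = authenticate_trust_level(pkg, toy_sign(pkg, *OPERATOR_KEY), PRESET_CERTS)
    record_trust_level(attrs, "com.example.app", level)
    print(attrs)
```

A package whose contents change after signing no longer verifies against any preset certificate and therefore falls back to the untrusted level, the same outcome as for an unknown signer.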
Preferably, Fig. 6 is a flow chart of generating the control policy in the security control method for a mobile terminal of the present invention, comprising:
Step S602: at initialization during system boot, first load the preset control policy configuration file from the specified system directory. Preferably, this control policy configuration file may be the system default control policy configuration file.
Step S604: parse the control policy configuration file, classifying by trust level, to obtain the list of permissions that must be controlled at each trust level.
Step S606: record the parsed list of permissions that must be controlled at each trust level in an in-memory data structure, forming the control policy.
Preferably, Fig. 7 is a flow chart of the application control policy in the mobile phone security control method of the present invention, comprising the following steps:
Step S702: when an application is detected using a sensitive system permission, go to step S704.
Step S704: obtain the application's trust level attribute and determine whether this permission is one that the control policy requires to be controlled (for example, a system default controlled permission); if it is not, go to step S706, and if it is, go to step S708.
Step S706: ignore the use of a permission that the control policy does not require to be controlled.
Step S708: determine whether an application control policy exists for the use of this permission; if one exists, go to step S710, and if not, go to step S712.
Step S710: an application control policy for this permission already exists, so no processing is performed.
Step S712: prompt the user to select the application control policy for this permission, then wait for and receive the application control policy the user selects.
Step S714: record or update the user's application control policy for this application permission.
Preferably, Fig. 8 is a processing flow chart of application permission control and management in the security control method for a mobile terminal of the present invention, comprising the following steps:
Step S802: when an application is detected using a sensitive system permission, go to step S804.
Step S804: determine whether this permission is one that the control policy requires to be controlled (for example, determine whether it is a system default controlled permission); if it is not, go to step S806, and if it is, go to step S808.
Step S806: because the permission is not one that the control policy requires to be controlled, its use is let through directly, that is, the application is allowed to use the permission.
Step S808: determine whether an application control policy exists for the use of this permission; if one exists, go to step S810, and if not, go to step S812.
Step S810: obtain the application control policy record for this permission and control and manage the permission according to the control policy.
Step S812: because the current permission does not yet have a corresponding application control policy record, a prompt box pops up to alert the user that a sensitive permission is being used on the system; the current processing flow is suspended while waiting for the user's further choice on the use of this permission.
Step S814: receive the user's usage policy for this permission, then perform step S816 and step S818.
Step S816: convert the user's choice for the use of this permission (allow this time / deny this time / always allow / always deny) into an application control policy for permission use, and save and update the application control policy record value held by the system.
Step S818: control and manage the use of the permission according to the user's choice.
Implementing the preferred technical solution above makes it possible to classify phone applications by trust level and to manage the use of critical permissions according to that classification. Its main benefit is that control of the terminal's critical permissions can be customized and dynamically adjusted to the different control requirements of the manufacturer and/or the user. With the support of this technical solution, the user can easily manage and control the phone's critical sensitive permission groups; the security-threatening behaviour that phone applications may exhibit can be effectively managed and controlled, and the security of the phone is effectively safeguarded.
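An added sketch (not the patent's own code) of control policy generation (S602 to S606) and the permission decision flow (S802 to S818). The JSON layout of the policy file, the permission names, the `PermissionManager` class, the handling of unknown levels and the rule that only the "always" choices are persisted are assumptions.

```python
import json
from enum import Enum

UNTRUSTED = "untrusted"

# Constructed sample of a preset control policy file (the layout is an
# assumption): trust level -> permissions that must be controlled at that level.
SAMPLE_POLICY_FILE = """
{
  "manufacturer": [],
  "operator": [],
  "third_party_partner": ["SEND_MESSAGE", "PLACE_CALL"],
  "untrusted": ["SEND_MESSAGE", "PLACE_CALL", "NETWORK_ACCESS",
                "READ_CONTACTS", "READ_MESSAGES", "WIFI_CONNECT"]
}
"""


class Choice(Enum):
    ALLOW_ONCE = "allow this time"
    DENY_ONCE = "deny this time"
    ALWAYS_ALLOW = "always allow"
    ALWAYS_DENY = "always deny"


def load_control_policy(text: str) -> dict:
    """S602-S606: parse the file into {trust level: set of controlled permissions}."""
    raw = json.loads(text)
    if not isinstance(raw, dict) or UNTRUSTED not in raw:
        raise ValueError("policy must map trust levels to lists and define 'untrusted'")
    policy = {}
    for level, perms in raw.items():
        if not isinstance(perms, list) or not all(isinstance(p, str) for p in perms):
            raise ValueError(f"controlled permissions for {level!r} must be a list of names")
        policy[level] = frozenset(perms)
    return policy


class PermissionManager:
    def __init__(self, policy, trust_levels, ask_user):
        self.policy = policy              # in-memory control policy (S606)
        self.trust_levels = trust_levels  # app id -> trust level attribute (S512)
        self.ask_user = ask_user          # callback(app, permission) -> Choice
        self.app_policies = {}            # (app, permission) -> True/False record

    def request(self, app: str, permission: str) -> bool:
        """Return True if the app may use the permission now (S802-S818)."""
        # Assumption: an app without a recorded level, or with a level the
        # policy file does not define, is handled as untrusted.
        level = self.trust_levels.get(app, UNTRUSTED)
        controlled = self.policy.get(level, self.policy[UNTRUSTED])
        if permission not in controlled:
            return True                                # S806: not controlled
        record = self.app_policies.get((app, permission))
        if record is not None:
            return record                              # S810: stored policy
        choice = self.ask_user(app, permission)        # S812/S814: blocks here
        allowed = choice in (Choice.ALLOW_ONCE, Choice.ALWAYS_ALLOW)
        # S816. Assumption: only the "always" answers become a stored record,
        # so a one-time answer leads to a new prompt on the next use.
        if choice in (Choice.ALWAYS_ALLOW, Choice.ALWAYS_DENY):
            self.app_policies[(app, permission)] = allowed
        return allowed                                 # S818


if __name__ == "__main__":
    manager = PermissionManager(
        load_control_policy(SAMPLE_POLICY_FILE),
        {"game": UNTRUSTED, "dialer": "manufacturer"},
        lambda app, perm: Choice.ALWAYS_DENY,          # stand-in for the prompt box
    )
    for app, perm in [("dialer", "PLACE_CALL"), ("game", "SEND_MESSAGE"),
                      ("game", "READ_LOCATION")]:
        print(app, perm, manager.request(app, perm))
```

The flow lets through, without a prompt, any permission that the policy does not list for the caller's trust level (`READ_LOCATION` in the sample), so the controlled lists in the configuration file define the whole protection boundary.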
Embodiment 5
The following is a concrete application example based on the mobile phone security control method of the present invention. Here, management and control is implemented for the sensitive permission groups that are most easily subjected to malicious intrusion on a smartphone terminal and most need focused protection. The permission groups controlled are: the paid permission group (sending messages, calling, network traffic access), the personal privacy information permission group (access to contact records, message records, phone device information and geographic location information) and the local connection permission group (Wi-Fi connection, Bluetooth connection).
Note that the following embodiments are all described using control of permission use by applications at the "untrusted" trust level as the example; the control principle and processing flow for application permission use at the other trust levels are the same and are not repeated here.
This embodiment is based on the following scenario: use control and management of the paid permission group.
1) Set the control policy: add sending messages, calling and network traffic access to the permissions that must be controlled at the "untrusted" trust level.
2) Generate the control policy for paid permissions, as shown in Fig. 9, comprising the following steps:
Step S902: at initialization during system boot, first load the preset control policy configuration file from the specified system directory.
Step S904: parse the control policy configuration file to obtain the list of paid permissions that must be controlled at the "untrusted" trust level.
Step S906: record the parsed list of paid permissions that must be controlled in in-memory data, forming the control policy (for example, the system default control policy).
3) Use control and management of paid permissions, as shown in Fig. 10; the specific processing flow is as follows:
Step S1002: when an application is detected using a paid permission, go to step S1004.
Step S1004: obtain the trust level to which the application belongs and compare against the controlled permission list for that trust level.
Step S1006: determine whether this permission is one that the paid permission control policy defines as requiring control; if it is not, go to step S1008, and if it is, go to step S1010.
Step S1008: because the permission is not one that the control policy requires to be controlled, its use is let through directly.
Step S1010: determine whether an application control policy exists for the use of this paid permission; if one exists, go to step S1012, and if not, go to step S1014.
Step S1012: obtain the application control policy record for this paid permission and control and manage the permission according to the control policy.
Step S1014: because the current permission does not yet have a corresponding application control policy record, the system pops up a prompt box to alert the user; the current processing flow is suspended while waiting for the user's further choice on the use of this paid permission.
Step S1016: receive the user's usage policy for this paid permission, then perform step S1018 and step S1020.
Step S1018: convert the user's choice for the use of this paid permission (allow this time / deny this time / always allow / always deny) into an application control policy for permission use, and save and update the application control policy record value held by the system.
Step S1020: respond to the application's use of this paid permission according to the user's choice.
With the paid permission security management scheme above, the user can control and manage, classified by the trust level attribute of each application, how phone applications use paid permissions (sending messages, making calls, network traffic access, etc.), and can flexibly adjust the usage control policy that applies to paid permissions according to actual needs and usage scenarios. With the support of this technical solution, the user can easily manage and control the phone's paid permission group; security threats in which the phone's paid permissions are maliciously abused can be effectively prevented, and the security of the phone's paid permissions is thereby effectively safeguarded.
Embodiment 6
This embodiment is based on the following scenario: use control and management of the personal privacy information permission group.
1) Set the control policy: add permissions such as access to message records, contact records, call records and personal geographic location information to the permissions that must be controlled at the "untrusted" trust level.
2) Generate the control policy for personal privacy information permissions, as shown in Fig. 11; the specific flow is as follows:
Step S1102: at initialization during system boot, first load the preset control policy configuration file from the specified system directory.
Step S1104: parse the control policy configuration file to obtain the list of personal privacy information permissions that must be controlled at the "untrusted level".
Step S1106: record the parsed list of personal privacy information access permissions in an in-memory data structure, forming the control policy.
3) Use control and management of personal privacy information permissions, as shown in Fig. 12; the specific processing flow is as follows:
Step S1202: when an application is detected using a personal privacy information permission, go to step S1204.
Step S1204: obtain the trust level to which the application belongs and compare against the controlled permission list for that trust level.
Step S1206: determine whether this permission is one that the personal privacy information permission control policy defines as requiring control; if it is not, go to step S1208, and if it is, go to step S1210.
Step S1208: because the permission is not one that the control policy requires to be controlled, its use is let through directly, that is, the application is allowed to use the permission.
Step S1210: determine whether an application control policy exists for the use of this personal privacy information permission; if one exists, go to step S1212, and if not, go to step S1214.
Step S1212: obtain the application control policy record for this personal privacy information permission and control and manage the permission according to the control policy.
Step S1214: because the current permission does not yet have a corresponding application control policy record, the system pops up a prompt box to alert the user; the current processing flow is suspended while waiting for the user's further choice on the use of this personal privacy information permission.
Step S1216: receive the user's usage policy for this paid permission, then perform step S1218 and step S1220.
Step S1218: convert the user's choice for the use of this personal privacy information permission (allow this time / deny this time / always allow / always deny) into an application control policy for permission use, and save and update the application control policy record value held by the system.
Step S1220: control and manage the use of the personal privacy information permission according to the user's choice.
With the personal privacy information security management scheme above, the user can control and manage, classified by the trust level of each application, how phone applications use personal privacy information permissions (access to message records, contact records, call records, etc.), and can flexibly adjust the usage control policy that applies to personal privacy information permissions according to actual needs and usage scenarios. With the support of this technical solution, the user can easily manage and control the phone's personal privacy information permissions; security threats in which those permissions are maliciously abused can be effectively prevented, and the security of the phone's personal privacy information permissions is thereby effectively safeguarded.
Embodiment 7
This embodiment is based on the following scenario: use control and management of the device connection permission group.
1) Set the control policy: add permissions such as using a Bluetooth connection and a Wi-Fi connection to the permissions that must be controlled at the "untrusted" trust level.
2) Generate the control policy for local connection permissions, as shown in Fig. 13; the specific flow is as follows:
Step S1302: at initialization during system boot, first load the preset control policy configuration file from the specified system directory.
Step S1304: parse the control policy configuration file to obtain the list of local connection permissions that must be controlled at the "untrusted level".
Step S1306: record the parsed list of local connection permissions in an in-memory data structure, forming the control policy.
3) Use control and management of local connection permissions, as shown in Fig. 14; the specific processing flow is as follows:
Step S1402: when an application is detected using a local connection permission, go to step S1404.
Step S1404: obtain the trust level to which the application belongs and compare against the controlled permission list for that trust level.
Step S1406: determine whether this permission is one that the local connection permission control policy defines as requiring control; if it is not, go to step S1408, and if it is, go to step S1410.
Step S1408: because the permission is not one that the control policy requires to be controlled, its use is let through directly, that is, the application is allowed to use the permission.
Step S1410: determine whether an application control policy exists for the use of this local connection permission; if one exists, go to step S1412, and if not, go to step S1414.
Step S1412: obtain the application control policy record for this local connection permission and control and manage the permission according to the control policy.
Step S1414: because the current permission does not yet have a corresponding application control policy record, a prompt box pops up to alert the user that a sensitive permission is being used on the system; the current processing flow is suspended while waiting for the user's further choice on the use of this local connection permission.
Step S1416: receive the user's usage policy for this local connection permission, then perform step S1418 and step S1420.
Step S1418: convert the user's choice for the use of this local connection permission (allow this time / deny this time / always allow / always deny) into an application control policy for permission use, and save and update the application control policy record value held by the system.
Step S1420: control and manage the use of the local connection permission according to the user's choice.
With the device connection security management scheme above, the user can control and manage, classified by the trust level of each application, how phone applications use device connection permissions (Wi-Fi connection, Bluetooth connection, etc.), and can flexibly adjust the usage control policy that applies to device connection permissions according to actual needs and usage scenarios. With the support of this technical solution, the user can easily manage and control the phone's device connection permission group; security threats in which the phone's device connection permissions are maliciously abused can be effectively prevented, and the security of the phone's device connection permissions is thereby effectively safeguarded.
Obviously, those skilled in the art will understand that each module or step of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be performed in an order different from the one given here. Alternatively, they can each be made into an individual integrated circuit module, or multiple modules or steps among them can be made into a single integrated circuit module. The present invention is therefore not restricted to any specific combination of hardware and software.
The above are merely preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within its scope of protection.

Claims (10)

1. the method for controlling security of a portable terminal is characterized in that, comprising:
When monitoring application using system authority, obtain affiliated reliability rating of said application and the tabulation of the control authority under the said reliability rating, wherein, write down the authority of required control under the said reliability rating in the said control authority tabulation;
Judge whether said System Privileges is the authority in the control authority tabulation;
If said System Privileges is not the authority in the said control authority tabulation, then allow said application to use said System Privileges.
2. according to the said method of claim 1, it is characterized in that, after judging whether said System Privileges is the authority in the said control authority tabulation, also comprise:
If said System Privileges is the authority in the said control authority tabulation, then judge whether to exist the applying control strategy that is used for said System Privileges;
If have the applying control strategy that is used for said System Privileges, then judge whether to allow said application to use said System Privileges according to said applying control strategy.
3. according to the said method of claim 2, it is characterized in that, after judging whether to exist the applying control strategy that is used for said System Privileges, also comprise:
If there is not the applying control strategy that is used for said System Privileges, then receive the applying control strategy of user's input;
Applying control strategy according to said user's input judges whether to allow said application to use said System Privileges.
4. according to the said method of claim 1, it is characterized in that, before the reliability rating and the tabulation of the control authority under the said reliability rating that obtain under the said application, also comprise:
System directory in appointment loads the control strategy configuration file that presets;
Said control strategy configuration file is resolved the control authority tabulation that obtains under each reliability rating;
With the control authority list records under said each reliability rating in internal storage data.
5. according to the said method of claim 1, it is characterized in that, before the reliability rating and the tabulation of the control authority under the said reliability rating that obtain under the said application, also comprise:
When system carries out application scanning or said application is installed, obtain the signing messages of said application;
The digital certificate that using system presets carries out authentication to said signing messages;
If authentication is passed through, then the reliability rating of said application is set to the reliability rating corresponding with said digital certificate; If authentification failure, then the reliability rating of said application is set to trustless grade.
6. according to each said method in the claim 1 to 5, it is characterized in that, said authority comprise following one of at least: type authority of paying, individual privacy information class authority, equipment connect a type authority.
7. the safety control of a portable terminal is characterized in that, comprising:
First acquiring unit; Be used for when monitoring application using system authority; Obtain affiliated reliability rating of said application and the tabulation of the control authority under the said reliability rating, wherein, write down the authority of required control under the said reliability rating in the said control authority tabulation;
Judging unit is used for judging whether said System Privileges is the authority of control authority tabulation;
Processing unit is used for when said System Privileges is not the authority of said control authority tabulation, allowing said application to use said System Privileges.
8. according to the said device of claim 7, it is characterized in that said processing unit comprises:
Judge module is used for when said System Privileges is the authority of said control authority tabulation, judging whether to exist the applying control strategy that is used for said System Privileges;
Processing module is used for when existence is used for the applying control strategy of said System Privileges, judges whether to allow said application to use said System Privileges according to said applying control strategy.
9. according to the said device of claim 7, it is characterized in that, also comprise:
Loading unit is used for loading the control strategy configuration file that presets at the system directory of appointment;
Resolution unit is used for said control strategy configuration file is resolved the control authority tabulation that obtains under each reliability rating;
Record cell is used for the control authority list records under said each reliability rating at internal storage data.
10. according to the said device of claim 7, it is characterized in that, also comprise:
Second acquisition unit is used for when carrying out application scanning or said application is installed, obtaining the signing messages of said application;
Authentication ' unit is used for the digital certificate that using system presets said signing messages is carried out authentication;
The unit is set, is used for when authentication is passed through, the reliability rating of said application is set to the reliability rating corresponding with said digital certificate; When authentification failure, the reliability rating of said application is set to trustless grade.
CN201110378065.6A 2011-11-24 2011-11-24 The method of controlling security and device of mobile terminal Active CN102404727B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110378065.6A CN102404727B (en) 2011-11-24 2011-11-24 The method of controlling security and device of mobile terminal
PCT/CN2012/071201 WO2013075412A1 (en) 2011-11-24 2012-02-16 Security control method and device for mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110378065.6A CN102404727B (en) 2011-11-24 2011-11-24 The method of controlling security and device of mobile terminal

Publications (2)

Publication Number Publication Date
CN102404727A true CN102404727A (en) 2012-04-04
CN102404727B CN102404727B (en) 2017-12-05

Family

ID=45886412

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110378065.6A Active CN102404727B (en) 2011-11-24 2011-11-24 The method of controlling security and device of mobile terminal

Country Status (2)

Country Link
CN (1) CN102404727B (en)
WO (1) WO2013075412A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104869236A (en) * 2015-04-29 2015-08-26 努比亚技术有限公司 Method and device for preventing terminal from false deduction
CN105812364A (en) * 2016-03-11 2016-07-27 深圳市全智达科技有限公司 Data transmission method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064604A (en) * 2006-04-29 2007-10-31 西门子公司 Remote access process, system and equipment
WO2008067118A2 (en) * 2006-11-30 2008-06-05 Microsoft Corporation Advanced content authentication and authorization
CN101513008A (en) * 2006-07-31 2009-08-19 意大利电信股份公司 System for implementing safety of telecommunication terminal
US20100037047A1 (en) * 2005-10-18 2010-02-11 Antonio Varriale Method for Controlling Access to File Systems, Related System, Sim Card and Computer Program Product for Use therein

Cited By (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013107301A1 (en) * 2012-01-20 2013-07-25 腾讯科技(深圳)有限公司 Application processing method and mobile terminal
US9609142B2 (en) 2012-01-20 2017-03-28 Tencent Technology (Shenzhen) Company Limited Application processing method and mobile terminal
CN103491056A (en) * 2012-06-12 2014-01-01 中兴通讯股份有限公司 Control method and device for permission of application
WO2013185413A1 (en) * 2012-06-12 2013-12-19 中兴通讯股份有限公司 Method and apparatus for controlling application right
CN103546436B (en) * 2012-07-13 2018-10-23 南京中兴软件有限责任公司 A kind of method of controlling security and terminal, Cloud Server
CN103546436A (en) * 2012-07-13 2014-01-29 中兴通讯股份有限公司 Security control method, terminal, and cloud server
CN102833166A (en) * 2012-08-28 2012-12-19 广东欧珀移动通信有限公司 Method and device for data flow distribution and mobile communication terminal
CN102868813A (en) * 2012-09-05 2013-01-09 广东欧珀移动通信有限公司 Method for realizing safety management mechanism and cell phone
CN103686722A (en) * 2012-09-13 2014-03-26 中兴通讯股份有限公司 Access control method and device
CN103686722B (en) * 2012-09-13 2018-06-12 中兴通讯股份有限公司 Access control method and device
CN102984125B (en) * 2012-10-31 2016-01-13 蓝盾信息安全技术股份有限公司 A kind of system and method for Mobile data isolation
CN102984125A (en) * 2012-10-31 2013-03-20 蓝盾信息安全技术股份有限公司 System and method of isolating mobile data
CN103347116A (en) * 2012-11-09 2013-10-09 北京深思洛克软件技术股份有限公司 System and method for setting multi-security modes in smart phone
CN103065083A (en) * 2013-01-31 2013-04-24 晨风云(北京)科技有限公司 Method and system for monitoring application program interface of intelligent mobile terminal
CN104066090A (en) * 2013-03-21 2014-09-24 联想(北京)有限公司 Information processing method and electronic device
CN104066090B (en) * 2013-03-21 2018-12-14 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN103268451A (en) * 2013-06-08 2013-08-28 上海斐讯数据通信技术有限公司 Dynamic permission management system based on mobile terminal
CN103268451B (en) * 2013-06-08 2017-12-05 上海斐讯数据通信技术有限公司 A kind of dynamic permission management system based on mobile terminal
CN112637843A (en) * 2013-10-22 2021-04-09 沈阳讯网网络科技有限公司 Control method for closing application function of mobile terminal
CN103646216B (en) * 2013-11-13 2016-09-14 天脉聚源(北京)传媒科技有限公司 A kind of monitoring method and device of terminal file
CN103646216A (en) * 2013-11-13 2014-03-19 天脉聚源(北京)传媒科技有限公司 Method and device for monitoring folder of terminal
CN103886255B (en) * 2014-03-12 2017-11-10 可牛网络技术(北京)有限公司 The privacy authority management method and device of application program
CN103886255A (en) * 2014-03-12 2014-06-25 可牛网络技术(北京)有限公司 Application program privacy authority management method and device
CN105404819A (en) * 2014-09-10 2016-03-16 华为技术有限公司 Data access control method and apparatus and terminal
WO2016146046A1 (en) * 2015-03-18 2016-09-22 中兴通讯股份有限公司 Data access method and device
CN106332080A (en) * 2015-07-02 2017-01-11 平安科技(深圳)有限公司 WIFI (Wireless Fidelity) hotspot connection control method based on communication system, server and WIFI hotspot
CN108763951B (en) * 2015-10-26 2022-02-18 青岛海信移动通信技术股份有限公司 Data protection method and device
CN108763951A (en) * 2015-10-26 2018-11-06 青岛海信移动通信技术股份有限公司 A kind of guard method of data and device
CN106022091A (en) * 2016-05-11 2016-10-12 青岛海信移动通信技术股份有限公司 Authorization method and device of application program
CN107437013A (en) * 2016-05-27 2017-12-05 阿里巴巴集团控股有限公司 Auth method and device
US11176232B2 (en) 2016-05-27 2021-11-16 Advanced New Technologies Co., Ltd. Identity verification method and apparatus
CN107273738A (en) * 2017-06-22 2017-10-20 努比亚技术有限公司 A kind of method of controlling security, terminal and computer-readable recording medium
CN107302637A (en) * 2017-08-15 2017-10-27 北京安云世纪科技有限公司 A kind of method and system that classification control is realized based on NameSpace
CN111492617A (en) * 2017-11-08 2020-08-04 西门子歌美飒可再生能源公司 Method and authentication device for authenticating digital certificates
WO2019196296A1 (en) * 2018-04-09 2019-10-17 平安科技(深圳)有限公司 Image control and camera application photography control method and apparatus, and electronic device
CN108712561B (en) * 2018-04-18 2020-05-19 Oppo广东移动通信有限公司 Authority management method, device, mobile terminal and storage medium
CN108763892A (en) * 2018-04-18 2018-11-06 Oppo广东移动通信有限公司 Right management method, device, mobile terminal and storage medium
CN108763884A (en) * 2018-04-18 2018-11-06 Oppo广东移动通信有限公司 Right management method, device, mobile terminal and storage medium
CN108763884B (en) * 2018-04-18 2022-01-11 Oppo广东移动通信有限公司 Authority management method, device, mobile terminal and storage medium
CN108712561A (en) * 2018-04-18 2018-10-26 Oppo广东移动通信有限公司 Right management method, device, mobile terminal and storage medium
CN109361807A (en) * 2018-10-25 2019-02-19 努比亚技术有限公司 Information access control method, mobile terminal and computer readable storage medium
CN110990798A (en) * 2019-12-02 2020-04-10 珠海格力电器股份有限公司 Application program permission configuration method and device, electronic equipment and storage medium
CN110990798B (en) * 2019-12-02 2021-07-20 珠海格力电器股份有限公司 Application program permission configuration method and device, electronic equipment and storage medium
CN111856961A (en) * 2020-07-31 2020-10-30 深圳市欧瑞博科技股份有限公司 Intelligent device control method and device based on permission and electronic device

Also Published As

Publication number Publication date
CN102404727B (en) 2017-12-05
WO2013075412A1 (en) 2013-05-30

Similar Documents

Publication Publication Date Title
CN102404727A (en) Method and device for safety control of mobile terminal
CN103686722A (en) Access control method and device
US20180091978A1 (en) Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality
CN102204299B (en) Method for securely changing mobile device from old owner to new owner
EP2070379B1 (en) Services for mobile users through distinct electronic apparatuses
CN102521548B (en) Method for managing using rights of function and mobile terminal
CN103959857B (en) Manage the mobile device application in wireless network
CN102413221B (en) Method for protecting privacy information and mobile terminal
CN102906758A (en) Access management system
US20110029671A1 (en) Terminal and method for managing secure devices
JP2015092374A (en) Apparatus and methods for managing firmware verification on wireless device
CN103546436A (en) Security control method, terminal, and cloud server
CN101444119A (en) System for implementing security police on mobile communication equipment
CN103491056A (en) Control method and device for permission of application
US10136323B2 (en) Method and device for operating a mobile terminal in a mobile communication network
CN102413220B (en) Method for controlling right of using connection function and mobile terminal
CN104822127A (en) Bluetooth device, data channel real-time management and control method and system thereof
JP4716644B2 (en) Mobile communication system and apparatus constituting the system
EP1555770B1 (en) Communication management system, mobile terminal device, and communication management program
CN104021076B (en) Application testing method and router
CN102006597A (en) Method and system for controlling software license as well as mobile terminal
CN104202325A (en) System for implementing security policies on mobile communication equipment
CN107396295B (en) Method and equipment for carrying out wireless connection pre-authorization on user equipment
CN105611046A (en) Strategy customization-based Android mobile phone security protection system and protection method thereof
WO2011040744A2 (en) Mobile application reissuing method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201222

Address after: 251800 north of Dongshou Road, Yanggu Road, Laodian Town, Yangxin County, Binzhou City, Shandong Province

Patentee after: Greihezheng (Shandong) energy saving building materials Co.,Ltd.

Address before: 518057 No. 55 South Science and technology road, Shenzhen, Guangdong, Nanshan District

Patentee before: ZTE Corp.

TR01 Transfer of patent right

Effective date of registration: 20230927

Address after: Room 102-442, 1st Floor, No. 17 Baihetou, Xihe Village, Tangqi Town, Linping District, Hangzhou City, Zhejiang Province, 310000

Patentee after: Hangzhou Doudou Network Co.,Ltd.

Address before: 251800 north of Dongshou Road, Yanggu Road, Laodian Town, Yangxin County, Binzhou City, Shandong Province

Patentee before: Greihezheng (Shandong) energy saving building materials Co.,Ltd.